<?php
namespace Admin\Controller;
use Think\Controller;
use Think\Auth;
use Think\Crypt\Driver\Think;
use Think\Verify;

class LoginController extends Controller {
    public function index(){
        $this->display();
    }
    
    public function verify(){
        $config = array(
            'useNoise'  =>    false,
            'length'    =>    4,
            'fontSize'  =>    16,
            'useCurve'  =>    false,
            'imageW'    =>    114,
            'imageH'    =>    42,
        );
        $verify = new \Think\Verify($config);
        
        $verify->entry('login');
    }
    
    public function logout(){
        
        //更新操作日志
        //R('Common/setSysEvent',array('logout'));
        session(null);
        session_destroy();
        $this->redirect('index');
        exit();
        
    }
    
    public function login(){
        //初始化参数
        $username = I('request.username','');
        $password = I('request.password','');
        $checkcode = I('request.verification');
        
        //验证码是否正确
        $verify = new \Think\Verify();
        if(!$verify->check($checkcode, 'login')){
            $this->ajaxReturn(array("success"=>false,"error"=>"验证码错误"));
            exit();
        }
        //验证输入数据
        if($username == '' or
            $password == '')
        {
            $this->ajaxReturn(array("success"=>false,"error"=>"账号或密码为空"));
            exit();
        }
        
        //删除已过时记录
        $failedlogin = M('failedlogin'); 
        $failedlogin->where("(UNIX_TIMESTAMP(NOW())-time)/60>15")->delete();
        
        //判断是否被暂时禁止登录
        $r = $failedlogin->where("`username`='{$username}'")->find();
        if(is_array($r))
        {
            $min = round((time()-$r['time']))/60;
            if($r['num']==0 and $min<=15)
            {
                $this->ajaxReturn(array("success"=>false,"error"=>"密码已连续错误6次请15分钟后再登录"));
                exit();
            }
        }
        
        //获取用户信息
        $admin = M('admin');
        $map = array();
        $map['username'] = $username;
        $row = $admin->where($map)->find();
        
        if(isset($row) && is_array($row)){
            $auth = new Auth();
            $group = $auth->getGroups($row['id']);
        }else{
            $this->ajaxReturn(array("success"=>false,"error"=>"账号不存在"));
            exit;
        }
        
        
        //密码错误
        if(!is_array($row) or md5(md5($password))!=$row['password']){
            $logintime = time();
            $loginip = get_client_ip();
            
           $r = $failedlogin->where("username = '{$username}'")->find();
           if(is_array($r))
           {
               $num = $r['num']-1;
               
               if($num == 0)
               {
                   $data['time'] = $logintime;
                   $data['num'] = $num;
                   $failedlogin->where("username = '{$username}'")->save($data);
                   $this->ajaxReturn(array("success"=>false,"error"=>"密码已连续错误6次请15分钟后再登录"));
                   exit;
               }
               else if($r['num']<=5 and $r['num']>0)
               { 
                   $data['time'] = $logintime;
                   $data['num'] = $num;
                   $failedlogin->where("username = '{$username}'")->save($data);
                   $this->ajaxReturn(array("success"=>false,"error"=>'账号或密码不正确！您还有'.$num.'次尝试机会'));
                   exit();
               }
           }
           else {
               $data['username'] = $username;
               $data['ip'] = $loginip;
               $data['time'] = $logintime;
               $data['num'] = 5;
               $data['isadmin'] = 1;
               $failedlogin->add($data); 
               $this->ajaxReturn(array("success"=>false,"error"=>'账号或密码不正确！您还有5次尝试机会'));
               exit();
           }
        }
        
        
        //密码正确，查看是否被禁止登录
        else if($row['checkinfo'] != 1)
        {
            $this->ajaxReturn(array("success"=>false,"error"=>'抱歉，您的账号被禁止登录'));
            exit();
        }
        
        //密码正确，查看管理组是否被禁用
        else if(empty($group))
        {
            $this->ajaxReturn(array("success"=>false,"error"=>'抱歉，您的所在的管理组被禁用'));
            exit();
        }
        
        
        //用户名密码正确
        else
        {
            $logintime = time();
            $loginip = get_client_ip();
            
            //删除禁止登录
            if(is_array($r))
            {
                $map = array();
                $map['username'] = $username;
                $failedlogin->where($map)->delete();
            }
            
            //提取当前用户账号
            session('admin',$row['username']);
        
            //提取当前用户权限
            session('adminlevel',$group[0]['group_id']);
            
            //提取上次登录时间
            session('lastlogintime',$row['logintime']);
            
            //提取上次登录IP
            session('lastloginip',$row['loginip']);
            
            //记录本次登录时间
            session('logintime',$logintime);
            
            //更新登录数据
            $map = array();
            $map['username'] = $username;
            $data['loginip'] = $loginip;
            $data['logintime'] = $logintime;
            $admin->where($map)->save($data);

            $this->ajaxReturn(array("success"=>true));
//            $return['status'] = 1;
//            echo json_encode($return);
            //$this->redirect('Index/Index');
            exit();
        
        }
    } 
    
    
    
}